diff --git a/pages/account/13.php b/pages/account/13.php
index 36d33db..8490727 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -13,17 +13,18 @@ PARTICULAR PURPOSE. See the License for more details. */ ?>
@@ -33,22 +34,22 @@ - + - + - + - + - + - + - + - + - - + + - - + + - - + + - - + + - - + +
diff --git a/pages/wot/9.php b/pages/wot/9.php
index 96a9251..e3d769d 100644
--- a/pages/wot/9.php
+++ b/pages/wot/9.php
@@ -17,7 +17,6 @@ if(mysql_num_rows($res) <= 0)
 {
 echo _("Sorry, I was unable to locate that user, the person doesn't wish to be contacted, or isn't an assurer.");
- unset($_SESSION['_config']['user']);
 } else {
 $user = mysql_fetch_array($res);
@@ -27,14 +26,13 @@ if($points <= 0)
 {
 echo _("Sorry, I was unable to locate that user.");
- unset($_SESSION['_config']['user']);
 } else {
- $_SESSION['_config']['user'] = $user;
 $_SESSION['_config']['pagehash'] = md5(date("U"));
 ?>
ERROR:
+
:

()
:

()

@@ -81,22 +82,22 @@
:

()
:

()

@@ -108,24 +109,24 @@
1) 1) 
2) 2) 
3) 3) 
4) 4) 
5) 5) 
">
diff --git a/www/wot.php b/www/wot.php
index 9cc8b89..d45cba8 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -401,7 +401,7 @@ exit;
 }
- if($oldid == 9 && $_SESSION['_config']['user']['id'] > 0 && $_SESSION['profile']['id'] > 0)
+ if($oldid == 9 && $_REQUEST['userid'] > 0 && $_SESSION['profile']['id'] > 0)
 {
 if($_SESSION['_config']['pagehash'] != $_REQUEST['pageid'])
 {
@@ -409,15 +409,27 @@ $id = 9;
 $error = _("It looks like you were trying to contact multiple people, this isn't allowed due to data security reasons.");
 } else {
- $body = $_POST['message'];
- $subject = $_POST['subject'];
- sendmail($_SESSION['_config']['user']['email'], "[CAcert.org] ".$_POST['subject'], $_POST['message'],
- $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']);
- showheader(_("My CAcert.org Account!"));
- echo "

"._("Your email has been sent to ").$_SESSION['_config']['user']['fname'].".

";
- echo "

[ Go Back ]

\n";
- showfooter();
- exit;
+ $body = $_REQUEST['message'];
+ $subject = $_REQUEST['subject'];
+ $userid = intval($_REQUEST['userid']);
+ $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$userid' and `listme`=1"));
+ $points = mysql_num_rows(mysql_query("select sum(`points`) as `total` from `notary`
+ where `to`='".$user['id']."' group by `to` HAVING SUM(`points`) > 0"));
+ if($points > 0)
+ {
+ sendmail($user['email'], "[CAcert.org] ".$_REQUEST['subject'], $_REQUEST['message'],
+ $_SESSION['profile']['email'], "", "", $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']);
+ showheader(_("My CAcert.org Account!"));
+ echo "

"._("Your email has been sent to ").$user['fname'].".

";
+ echo "

[ Go Back ]

\n";
+ showfooter();
+ exit;
+ } else {
+ showheader(_("My CAcert.org Account!"));
+ echo _("Sorry, I was unable to locate that user.");
+ showfooter();
+ exit;
+ }
 }
 } elseif($oldid == 9) {
 unset($oldid);
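Review bot: With the recipient now read from `$_REQUEST['userid']`, nothing in this hunk ties the submitted `pageid` to the user whose contact form was displayed, so the "contact multiple people" check just above no longer enforces what its message says: one valid `pagehash` is accepted for any `userid` that passes the `listme`/points lookup. Consider recording the hash per recipient when page 9 is rendered and comparing against that entry, e.g. `$_SESSION['_config']['pagehash'][$userid]`, and clearing it once `sendmail()` has run (whether it is cleared elsewhere is not visible in this hunk). The form fields also moved from `$_POST` to `$_REQUEST`, which allows the send to be triggered from a query string; keeping `$_POST['message']` and `$_POST['subject']` would leave it a POST-only action. `$body` and `$subject` are assigned but never used, and `$user` is `false` when the lookup finds no row, so an explicit `if(!$user)` guard before the points query would be clearer than relying on the empty `to` match falling through to the error branch.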